Polyverse Weekly Breach Report – Nov. 25th

Nov 25, 2019 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


A new vulnerability in the WhatsApp messaging platform enables hackers to remotely compromise targeted devices. The vulnerability is a stack-based buffer overflow issue that can result in denial-of-service or remote code-execution attacks. To read more: https://thehackernews.com/2019/11/whatsapp-hacking-vulnerability.html

Louisiana state government

Targeted ransomware forced the state government of Louisiana offline, impacting websites, email systems and other internal applications. To read more: https://thehackernews.com/2019/11/louisiana-ransomware-attack.html

Phineas Fisher

A hacktivist known as Phineas Fisher published a manifesto announcing a program that pays up to $100,000 for politically motivated hacks. The program targets mining and livestock companies in South America, an Israeli spyware vendor, oil companies and banks. To read more: https://www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies

Qualcomm chips

Researchers discovered vulnerabilities in Qualcomm chipsets that enabled attackers to steal information from affected phones. Samsung and LG have applied patches while Motorola is working on a fix. To read more: https://thenextweb.com/security/2019/11/15/bugs-in-qualcomm-chips-leaked-private-data-from-samsung-and-lg-phones/


Hackers began hijacking Disney+ user accounts as soon as the service was launched. In some cases hackers gained access to accounts by using email and passwords leaked at other sites. To read more: https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/


A new report revealed 146 different Android vulnerabilities that are present on devices right out of the box. The vulnerabilities span a wide range of exploits. To read more: https://www.androidauthority.com/kryptowire-android-vulnerabilities-report-1055020/

Port Neches-Groves ISD, Texas

The FBI is working to restore ownership of the Port Neches-Groves Independent School District’s database to the district after hackers deployed ransomware. To read more: https://www.12newsnow.com/article/news/education/port-neches-groves-isd-computers-attacked-by-ransomware/502-dd9746e2-1ad4-413e-94fc-323dde5555eb

Magic: The Gathering

Wizards of the Coast, the maker of the game Magic: The Gathering, left a database backup file in a public Amazon S3 bucket. Since the bucket had no password, anyone could access the file. The database stored information on 452,634 players, including email addresses. To read more: https://techcrunch.com/2019/11/16/magic-the-gathering-wizards-data-exposure/

Cayman National Bank

Cayman National Bank confirmed a data breach. The bank was targeted by Phineas Fisher in his manifesto, which is referenced above. To read more: https://www.vice.com/en_us/article/ne8p9b/offshore-bank-targeted-phineas-fisher-confirms-hack-cayman-national-bank


Intel is removing old drivers and BIOS updates, released between the 1990s and mid-2000s, from its official website. Removing them causes problems for administrators running legacy systems, some of whom apparently had thought that they would always have access to them. To read more: https://www.zdnet.com/article/intel-to-remove-old-drivers-and-bios-updates-from-its-site-by-the-end-of-the-week/


Veterinary hospitals

National Veterinary Associates is working to recover from a ransomware attack that impacted half of its properties. Many veterinary practices could not access their patient records, payment systems and management software. To read more: https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/


Macy’s announced that it had suffered a data breach after the department store’s website was hacked with the purpose of stealing customer payment information. To read more: https://www.bleepingcomputer.com/news/security/macys-customer-payment-info-stolen-in-magecart-data-breach/

National Milk Records

UK-based dairy and livestock group National Milk Records announced that its revenue fell 14% in the third quarter after the company suffered a cyberattack. The attack was initially announced on September 25, 2019. To read more: https://www.sharesmagazine.co.uk/news/market/6676278/National-Milk-Records-revenue-hit-by-cyber-attack


The official website of Monero cryptocurrency was hacked and attackers replaced legitimate Linux and Windows binaries with malicious versions. To read more: https://thehackernews.com/2019/11/hacking-monero-cryptocurrency.html

Gatehub and EpicBot

Researchers found a database with personal information from 2.2m users of Gatehub, a cryptocurrency wallet service, and EpicBot, a gaming bot provider. To read more: https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/


Researchers are working with Oracle to fix several remaining critical vulnerabilities in Oracle E-Business Suite. The vulnerabilities, dubbed PAYDAY, were first patched in April 2018. To read more: https://www.onapsis.com/blog/oracle-payday-vulnerabilities


Personal information belonging to PayMyTab customers was exposed due to a public Amazon bucket. To read more: https://www.zdnet.com/article/paymytab-data-leak-exposes-personal-information-belonging-to-mobile-diners/

Gekko Group

Researchers found a database belonging to Gekko Group, one of Europe’s largest hotel-booking companies, exposed on a public server. The database has information on 140,000 clients, both individuals and organizations. To read more: https://www.cnet.com/news/exposed-database-left-terabyte-of-travelers-data-open-to-the-public/

Phoenix keylogger

The new keylogger Phoenix is gaining a following because of its anti-antivirus and anti-virtual-machine module that keeps the malware from being detected while deployed. To read more: https://www.zdnet.com/article/new-phoenix-keylogger-tries-to-stop-over-80-security-products-to-avoid-detection/

Titan M chip

Google set up a bug bounty of up to $1.5m for hackers to compromise the Titan M chip in Pixel devices. To read more: https://thehackernews.com/2019/11/google-pixel-titan-m-chip.html


T-Mobile announced a data breach impacting prepaid customers’ account information. To read more: https://www.tmonews.com/2019/11/t-mobile-data-breach-prepaid-customers/


Developers at WeWork accidentally exposed contracts for customers based in India, China and Europe on GitHub. WeWork removed the repository from the internet after they were informed. To read more: https://www.vice.com/en_us/article/bjwqxz/wework-developers-exposed-contracts-and-customer-data-on-github
